ENCRYPTING FILES WITHIN A CLOUD COMPUTING ENVIRONMENT

US 20140013112A1
Filed: 12/26/2012
Published: 01/09/2014
Est. Priority Date: 02/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting a file, the method comprises:

retrieving the file from a storage service;

segmenting the file into multiple file segments;

calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures;

encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures;

wherein the multiple encrypted file segments form an encrypted file; and

sending the multiple encrypted file segments to the storage service.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, computer readable medium and a method for encrypting a file, the method may include retrieving the file from a storage service; segmenting the file into multiple file segments; calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures; encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures; wherein the multiple encrypted file segments form an encrypted file; and sending the multiple encrypted file segments to the storage service.

Citations

43 Claims

1. A method for encrypting a file, the method comprises:
- retrieving the file from a storage service;
  
  segmenting the file into multiple file segments;
  
  calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures;
  
  encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures;
  
  wherein the multiple encrypted file segments form an encrypted file; and
  
  sending the multiple encrypted file segments to the storage service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. The method according to claim 1 further comprising deleting the file from the storage service.
  - 3. The method according to claim 1, comprising calculating each encryption key in response to a file segment signature associated with a file segment that is encrypted by the encryption key.
  - 4. The method according to claim 1, further comprising associating with the multiple encrypted file segments the multiple file segment signatures.
  - 5. The method according to claim 1, wherein the segmenting, the calculating and the encrypting are executed by a management server.
  - 6. The method according to claim 5, further comprising flagging the encrypted file as being encrypted.
  - 7. The method according to claim 5, further comprising flagging the encrypted file as being encrypted by altering a file type of the encrypted file.
  - 8. The method according to claim 1, further comprising exposing the encrypted file to a user of the management server through an interface of the storage service.
  - 9. The method according to claim 1, wherein the segmenting comprises separating text content of the file and image content of the file.
  - 10. The method according to claim 1, comprising preventing the segmenting, the calculating and the encrypting of the file if the file has been modified by a user of the storage service during a predetermined period from a moment of the retrieving of the file by the management server.
  - 11. The method according to claim 2, comprising preventing the deletion of the file if the file has been modified by a user of the storage service during a predetermined period from a moment of the retrieving of the file.
  - 12. The method according to claim 1, wherein the segmenting comprising finding initial file segments by applying a first segmentation process;
    - and defining each file segment as comprising multiple initial file segments.
  - 13. The method according to claim 11, wherein the finding of the initial file segments comprises applying at least one process out of Rabin fingerprint process and cyclic redundancy code (CRC) process.
  - 14. The method according to claim 1, wherein the segmenting of the file into multiple file segments is executed independent of a file segmentation scheme applied on the file by the storage service.
  - 15. The method according to claim 1, wherein the segmenting of the file to multiple file segments is executed independent of a file segmentation scheme applied on the file by the storage service for de-duplication purposes.
  - 16. The method according to claim 1, wherein the file is associated with a certain user;
    - wherein the method comprises using different segmentation parameters for segmenting another file that is associated with another user that differs from the certain user.
  - 17. The method according to claim 1, wherein the file is associated with a certain user;
    - wherein the method comprises using different encryption parameters for encrypting another file that is associated with another user that differs from the certain user.
  - 18. The method according to claim 1, wherein the file is associated with a user of certain group of users;
    - wherein the method comprises using different segmentation parameters for segmenting another file that is associated with another user that belongs to another group of users.
  - 19. The method according to claim 1, wherein the file is associated with a user of certain group of user;
    - wherein the method comprises using different encryption parameters for segmenting another file that is associated with another user that belongs to another group of users.
  - 20. The method according to claim 1, comprising adding a user identifier to each file segment;
    - wherein the user identifier identifies a user associated with the file.
  - 21. The method according to claim 1, wherein identical file segments are associated with identical encryption keys.
  - 22. The method according to claim 1, comprising retrieving the file from the storage service, wherein the file is stored in a storage entity in an encrypted form and is decrypted by the storage service to be provided in a decrypted form to the management server;
    - wherein the encrypting by the management server is executed independent of a decryption applied by the storage service.
  - 23. The method according to claim 1 wherein the management server and the storage service are located in a cloud computing environment.
  - 24. The method according to claim 1, comprising retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;
    - wherein the segmenting of the file by the file management server is executed while a applying a second de-duplication policy that is defined independent of the first de-duplication policy.
  - 25. The method according to claim 1, comprising retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;
    - wherein the segmenting of the file by the file management server is executed while a applying a second de-duplication policy that is in response to the first de-duplication policy.
  - 26. The method according to claim 1, comprising retrieving the file from the storage service, wherein the storage service applies a first de-duplication policy;
    - wherein the segmenting of the file by the file management server is executed while a applying a second de-duplication policy that differs from the first de-duplication policy.
  - 27. The method according to claim 2, wherein at least one of the management server and the storage service belong to a cloud computing environment.
  - 28. The method according to claim 1, comprising retrieving the file from a dedicated folder that is allocated for files to be encrypted.
  - 29. The method according to claim 1, comprising creating a new folder for files to be encrypted, wherein the folder is exposed to the user.
  - 30. The method according to claim 1, comprising retrieving the file from a dedicated folder that is allocated to files to be encrypted.
  - 31. The method according to claim 1, comprising flagging the encrypted file as being encrypted.
  - 32. The method according to claim 1, comprising changing a type of a file to a type that is indicative of the encryption of the file.
  - 33. The method according to claim 1 comprising sending the file to a cache memory before starting the segmenting, the calculating, and the encrypting actions.

34. A method for decrypting an encrypted file, the method comprising:
- receiving a request, by a management server, to provide at least one encryption key for decrypting at least one encrypted file segment of the encrypted file by a user device, after the management server generated the encrypted file to be of a specific file type and after a storage service stored the encrypted file;
  
  wherein the request comprises a file segment signature;
  
  determining, by the management server, whether the user device is authorized to decrypt the at least one encrypted file segment; and
  
  sending the at least one encryption key to the user device if it is determined that the user device is authorized to decrypt the at least one encrypted file segment.
- View Dependent Claims (35, 36, 37, 38)
- - 35. The method according to claim 34 wherein a single encryption key is used for encrypting all the file segments of a file.
  - 36. The method according to claim 34, wherein the at least one encryption key is in response to a content of at the least one encrypted file segment.
  - 37. The method according to claim 34, comprising receiving the request from an application that is regarded by the operating system hosted by the user device to be associated with files of the certain file type.
  - 38. The method according to claim 34, wherein at least one of the management server and the storage service belong to a cloud computing environment.

39. A method for decrypting an encrypted file, the method comprising:
- retrieving, by a user device, of one or more file segment signatures associated with one or more encrypted file segments of an encrypted file;
  
  wherein each file segment signature is mapped to a decryption key that facilitates a decryption of the encrypted file segment;
  
  comparing the multiple file segment signatures to a data structure of file segment signatures that are mapped to decryption keys that are stored at the user device to find at least zero decryption keys not stored in the user device;
  
  requesting from a management server at least zero decryption keys that are not stored in the user device;
  
  receiving by the user device at least one zero encryption keys that are not stored in the user device; and
  
  decrypting the multiple encrypted file segments, wherein each encrypted file segment is decrypted using a decryption key that facilitates the decryption of the encrypted file segment.
- View Dependent Claims (40)
- - 40. The method according to claim 39, wherein a decryption key to be used for decrypting a certain file segment is calculated based upon a file segment signature and its metadata field associated with the certain file segment.

41. A non-transitory computer readable medium that stores instructions for:
- retrieving the file from a storage service;
  
  segmenting the file into multiple file segments;
  
  calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures;
  
  encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures;
  
  wherein the multiple encrypted file segments form an encrypted file; and
  
  sending the multiple encrypted file segments to the storage service.

42. A non-transitory computer readable medium that stores instructions for:
- receiving a request, by a management server, to provide at least one decryption key for decrypting at least one encrypted file segment of the encrypted file by a user device, after the management server generated the encrypted file to be of a certain file type and after a storage service stored the encrypted file;
  
  wherein the request comprises a file segment signature;
  
  determining, by the management server, whether the user device is authorized to decrypt the at least one encrypted file segment; and
  
  sending the at least one decryption key to the user device if it is determined that the user device is authorized to decrypt the at least one encrypted file segment.

43. A non-transitory computer readable medium that stores instructions for:
- retrieving, by a user device, of multiple file segment signatures associated with multiple encrypted file segments of an encrypted file;
  
  wherein each file segment signature is mapped to an encryption and decryption key that facilitates a decryption of an encrypted file segment associated with the file segment signature;
  
  comparing the multiple file segment signatures to a data structure of file segment signatures that are mapped to decryption keys that are stored at the user device to find at least zero decryption keys not stored in the user device;
  
  requesting from a management server the at least zero decryption keys that are not stored in the user device;
  
  receiving by the user device the at least one zero decryption keys that are not stored in the user device; and
  
  decrypting the multiple encrypted file segments, wherein each encrypted file segment is decrypted using an decryption key that facilitates the decryption of the encrypted file segment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Barracuda Networks Incorporated
Original Assignee
Asaf Cidon
Inventors
Cidon, Asaf, Prabandham, Gopal Madan, Cidon, Israel, Chandrashekhar, Shetty, Gavish, Lior, Srour, Barak

Granted Patent

US 9,262,643 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/13   File access structures, e.g...

G06F 16/137   Hash-based content-based in...

G06F 16/182   Distributed file systems

G06F 21/6218   to a system of files or obj...

ENCRYPTING FILES WITHIN A CLOUD COMPUTING ENVIRONMENT

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTING FILES WITHIN A CLOUD COMPUTING ENVIRONMENT

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links